6714 matches found
PT-2023-21172 · Sap · Sap Diagnostic Agent
Name of the Vulnerable Software and Affected Versions: SAP Diagnostics Agent version 720 Description: The EventLogServiceCollector of SAP Diagnostics Agent is affected by missing authentication and input sanitization of code, allowing an attacker to execute malicious scripts on all connected...
LiveAction LiveSP 跨站脚本漏洞
LiveAction LiveSP is a network monitoring software for service providers from LiveAction. A security vulnerability exists in LiveAction LiveSP version v21.1.2. An attacker can exploit the vulnerability to execute arbitrary web script or HTML...
PT-2023-2328 · Sap · Sap Diagnostic Agent
Name of the Vulnerable Software and Affected Versions: SAP Diagnostics Agent version 720 Description: The issue is related to missing authentication and insufficient input validation in the OSCommand Bridge of the SAP Diagnostics Agent. This allows an attacker with deep knowledge of the system to...
WordPress plugin PropertyHive 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
Cross site scripting
A vulnerability in the web-based management interface of Cisco Prime Infrastructure Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the interface on an affected device. This vulnerability is due to insufficient...
CKEditor 5 35.4.0 - Cross-Site Scripting (XSS)
Exploit Title: CKEditor 5 35.4.0 - Cross-Site Scripting XSS Google Dork: N/A Date: February 09, 2023 Exploit Author: Manish Pathak Vendor Homepage: https://cksource.com/ Software Link: https://ckeditor.com/ckeditor-5/download/ Version: 35.4.0 Tested on: Linux / Web CVE : CVE-2022-48110 CKSource...
PT-2023-3267 · Glpi +2 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions 0.60 through 9.5.12 GLPI versions 10.0.0 through 10.0.6 Description: The issue is related to insufficient cleaning of user data when processing external links, allowing a user to inject and execute arbitrary HTML code and script...
Augment Security Asset Tagging with Custom Assessment and Remediation (CAR)
Security asset tagging provides a flexible and scalable way to organize the assets in your environment based on specific requirements. It enables you to create tags and assign them to your assets, which can improve your cybersecurity maturity and reduce risks for breaches and audit failures. Qual...
Apache OpenOffice < 4.1.14 Multiple Vulnerabilities
The version of Apache OpenOffice installed on the remote host is a version prior to 4.1.14. It is, therefore, affected by multiple vulnerabilities: - libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. CVE-2022-40674 - Apache OpenOffice versions before 4.1.14 may b...
CVE-2023-27245
A cross-site scripting XSS vulnerability in File Management Project 1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Edit User module...
Debian: Security Advisory (DLA-3368-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3368-1] libreoffice security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3368-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucaries March 26, 2023 https://wiki.debian.org/LTS -...
CVE-2022-47502
Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected...
CVE-2022-47502
Apache OpenOffice
CVE-2022-47502 Apache OpenOffice: Macro URL arbitrary script execution
Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected...
CVE-2023-25593
Vulnerabilities within the web-based management interface of ClearPass Policy Manager could allow a remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browse...
CVE-2023-25592
Vulnerabilities within the web-based management interface of ClearPass Policy Manager could allow a remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browse...
Aruba Networks ClearPass Policy Manager 跨站脚本漏洞
Aruba Networks ClearPass Policy Manager is an Aruba Networks application that provides a secure access management system for wireless networks. A security vulnerability exists in Aruba Networks ClearPass Policy Manager that originates from the presence of Reflective Cross Site Scripting XSS, whic...
Amazon Linux 2023 : redis6, redis6-devel (ALAS2023-2023-064)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-064 advisory. A flaw was found in the Redis database where Lua scripts can be manipulated to overcome ACL rules. This flaw allows an attacker with access to Redis to inject Lua code that executes the...
Cross site scripting
A cross-site scripting XSS vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field...